Firefox has a Breach or “have I been pwned” tool. Which allegedly is based upon
the haveibeenpwned website? detection engine?
Here’s the thing
Firefox has fewer listngs than haveibeenpwned
And both are way out of date, not listing known breaches at Equifax, and other
breaches or “dark web” alerts for a couple of our email accounts.
Thoughts please
Thanks
I believe Firefox is using the haveibeenpwned site in their Lockwise password database. But keep in mind what it is looking for. It is looking to see if your password is vulnerable, not if someone got your credentials from a data breach.
Firefox has no way of knowing if the password you have saved is the one that was lost in the breach. It only knows the date that you saved the password. If the date is more recent than the date of the breach, then you won’t be alerted because (as far as Firefox is concerned), you changed it after the breach occurred.
Very difficult for me to believe that haveibeenpwned could possibly be out-of-date. I follow the owner, Tony Hunt, on Twitter who has notified us of breaches almost every week recently. I also subscribe to the site so that I’m notified by email of any new breaches I’m listed on. You can see a list of the last five months at Have I Been Pwned latest breaches.
The 2017 Equifax breach consumer information accessed includes names, Social Security numbers, birth dates, addresses, and in some instances, driver’s license numbers. In addition, credit card numbers for approximately 209,000 consumers and certain dispute documents, which included personal identifying information, for approximately 182,000 consumers were accessed. Perhaps your e-mail address, phone number or password was not among the data items included. It’s not listed as a breach for me, either.
as a side note, perhaps,
• I do notice that haveibeenpwned does have more items listed that the Firefox Monitor offers.
• which includes an Experian (2015) breach listing, an event which Experian never notified me
Possibly for a different subject thread
• credit monitoring services like Experian and Equifax (which have both had big problematic hacks) rarely elucidate any helpful or additional corroborative data on their security alerts … simply stating that an email/password has been found on the dark web …
When it is indicated a password was found the services do not further detail for which website this relates to, or whether the password for one’s email address has been revealed
I have always been curious why they won’t offer more detailed information in regard to these alerts